ibm vulnerabilities and exploits
IBM Sterling B2B Integrator Standard Edition 18.104.22.168 and 22.214.171.124 could allow a local user to obtain highly sensitive information during a short time period when installation is occurring. IBM X-Force ID: 149607....
Sterling B2b Integrator
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369....
IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of CSV file contents. IBM X-Force ID: 157063....
IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148....
Tririga Application Platform
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 126.96.36.199 iFix 8 and 3.4.3 before 188.8.131.52 iFix 1 allows man-in-the-middle attackers to obtain sensitive information via an HTTP method that is neither GET nor POST....
Sterling Secure Proxy
IBM Spectrum LSF 9.1.1, 9.1.2, 9.1.3, and 10.1 could allow a local user to change their job user at job submission time due to improper file permission settings. IBM X-Force ID: 147439....
IBM Leads 7.x, 8.1.0 before 184.108.40.206, 8.2, 8.5.0 before 220.127.116.11.3, 8.6.0 before 18.104.22.168.1, 9.0.0 through 22.214.171.124, 9.1.0 before 126.96.36.199.1, and 9.1.1 before 188.8.131.52.2 allows remote authenticated users to bypass intended file-upload restrictions via a modified extension....
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrarily delete a directory, caused by improper validation of user-supplied input. IBM X-Force ID: 175026....
Spectrum Protect Plus
IBM Maximo Asset Management 7.6 could allow an authenticated user to perform actions they are not authorized to by modifying request parameters. IBM X-Force ID: 163490....
Maximo Asset Configuration Manager
Maximo Asset Health Insights
Maximo Asset Management
Maximo Asset Management Scheduler
Maximo Asset Management Scheduler Plus
Maximo Enterprise Adapter
Maximo Equipment Maintenance Assistant On-premises
Maximo For Aviation
Maximo For Life Sciences
Maximo For Nuclear Power
Maximo For Oil And Gas
Maximo For Service Providers
Maximo For Transportation
Maximo For Utilities
Maximo Linear Asset Manager
Maximo Network On Blockchain
Tivoli Integration Composer
By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request....
Iseries As 400